Virus protection coming for wireless users

From...

by Bruno Giussani

(IDG) -- Owners of wireless devices seldom worry about rogue viruses, malicious hackers or identity thieves. And why should they? Today's cell phones and handhelds are simple, minimally networked appliances - nearly impervious to outside attack. But don't be fooled. Mobile gadgets are rapidly becoming more like PCs: perpetually connected to networks, able to download and execute programs, yet free from the constraints - and protections - of institutional firewalls. In short, they are becoming vulnerable.

Risto Siilasmaa, founder and CEO of F-Secure, wants to shield your Palm XV - or whatever wireless gizmo you pack in the future - from technology's dark side. The new breed of gadgets, he says, "will be in a state of permanent standby, always on, ready to transmit and process data at any time, ready to be attacked at any time."

MORE COMPUTING INTELLIGENCE

IDG.net home page

The Standard.com

First Palm virus found, but risk said to be low

Do handhelds need virus protection?

F-Secure plans virus protection for phones

Reviews & in-depth info at IDG.net

E-BusinessWorld

Industry Standard email newsletters

Questions about computers? Let IDG.net's editors help you

Industry Standard daily Media Grok

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Siilasmaa's company is based in Espoo, Finland, a city among lakes and forests that lacks history, but is dense with the future. Home to hundreds of high-tech firms, the city has seen its population increase fivefold over the past decade as it grew into Finland's Silicon Valley. F-Secure sits at the end of a dead-end road, in a modern white building with cameras on the watch outside. To gain entry and traverse interior doors, you must flash a smartcard and punch in a numeric code. There are, after all, secrets to safeguard behind these doors, where virus experts scan virulent code, design cures and create advanced encryption systems.

Yet Siilasmaa would be the first to admit that his building's security is all but useless in protecting proprietary information. "The old paradigm of creating a secure zone within the physical perimeter of the company, using network firewalls and intrusion-detection systems, has reached the limits of effectiveness," says the 34-year-old CEO, whose careful attention to his non-native English can't mask his enthusiasm for the company's ascent. Under Siilasmaa's leadership, F-Secure has created a wireless-security model that has attracted major players like Cisco, Hewlett-Packard and Nokia. In the past year, all have inked deals to have F-Secure develop defense measures for their wireless gadgets and networks.

Not bad for a niche player. Though critics consistently rank the company's antivirus products above competing solutions, F-Secure is still an upstart in the global security market, with 350 employees, $23 million in sales last year and a brand that few outside Finland would recognize. Siilasmaa wants to change that. By 2004, more than a billion people are expected to own mobile phones, mostly data-enabled, and Siilasmaa is trying to position F-Secure to play a major role in protecting these devices. "Siilasmaa is clearly a visionary," says Louis Judice, a regional manager for HP's Mobile E-Services Bazaar, of which F-Secure is a member. "He's one of the first in the information-security industry to recognize the importance of locking down the wireless Web."

Siilasmaa launched his firm in 1988 fresh from the University of Helsinki, where he studied economics, global marketing and computer science. He named it DataFellows, changing the earnest moniker only last November to coincide with the company's IPO. Still earnest, even boyish in appearance, the CEO brushes a rebellious lock of reddish-brown hair from his forehead as he outlines the vulnerabilities of the mobile Internet. "Theoretically, a malicious script could switch the phone on at 2 a.m., call Angola, stay on for two hours and then switch it off, without you noticing until you get the bill," he says, offering one example. But it's more serious than that. As phones and PDAs become transaction terminals and repositories for valuable information - credit card numbers, personal IDs, digital money, e-keys, bank passwords, even company secrets - much more will be at stake.

With today's devices, says Siilasmaa, "the worst thing that can happen is that a corrupted attachment provokes the phone to crash and you lose your list of phone numbers." But change is coming fast. The new version of WAP, or wireless application protocol - a standard that allows mobile devices to display Web-like information - is due out by January, and is expected to create a PC-type environment that could open the door to attacks. A computer virus can access the operating features of the machine with the same priority as the user, Siilasmaa explains. Similarly, he says, hackers can write short programs to access a device's internal phone book, initiate or respond to a call, or do whatever else a legitimate user could do.

Siilasmaa hopes to protect wireless communications with a new approach: policy-based distributed security. In his model, a program called a management agent is installed in each device. This security software maintains constant contact with a server that automatically sends antivirus updates, cryptographic information and company-security policies to the device. The result is a centrally managed, distributed security zone that follows the user. Such a design also allows security to be sold by subscription. A corporate client could buy protection for its entire mobile fleet, while individuals could pay monthly security fees to an ISP or cellular operator.

F-Secure has plenty of competition. RSA Security is preparing an encryption program for wireless devices; Symantec is developing an antivirus application for Palm; McAfee sells software that scans and eliminates viruses from handhelds; and Ericsson, Motorola and Nokia have announced an initiative to secure mobile transactions. Still, Siilasmaa remains one up on his rivals. In August, F-Secure released the first-ever distributed antivirus product, for mobile devices running Symbian's EPOC operating system, and expects to follow with other wireless platforms. "F-Secure is ahead of the game," says Larry Lang, a Cisco marketing VP. Siilasmaa's model, he notes, "would allow mobile operators to provide advanced security measures to mass-market consumers while keeping activation and updates simple."

Despite this year's high-profile virus attacks, mobile network operators have done little to address such security concerns - good news for Siilasmaa, who has already scored network clients like Finland's Sonera and I.Net, Italy's leading ISP. "Operators have been focusing on how to authenticate the user, and on securing the transfer of information through encryption," he says. "They're just starting to grow aware of the risks of viruses, hackers and unauthorized access to mobile devices."

Anti-virus vendors focus on wireless devices
September 27, 2000
New Palm virus detected
September 22, 2000
Can viruses be used for good instead of evil?
September 15, 2000
Wireless technology presents new security challenges
September 7, 2000
McAfee aims to shield networks from PDA viruses
August 30, 2000

Anti-virus vendors focus on wireless
(InfoWorld)
F-Secure plans virus protection for phones
(IDG.net)
McAfee aims to shield networks from PDA viruses
(IDG.net)
Do handhelds need virus protection?
(PC World)
New Palm virus on the loose
(IDG.net)
First Palm virus found, but risk said to be low
(Computerworld)
Tivoli adds central security to wireless transactions
(NW Fusion)
Messages reportedly can freeze Nokia phones
(InfoWorld)

F-Secure Corp.
RSA Security, Inc.
Symantec Corp.
McAfee.com Corp.

Note: Pages will open in a new browser window

External sites are not endorsed by CNN Interactive.